From: Jan Kara <jack@suse.cz>
To: Fernando Luis Vazquez Cao <fernando_b1@lab.ntt.co.jp>
Cc: Jan Kara <jack@suse.cz>, Al Viro <viro@zeniv.linux.org.uk>,
Josef Bacik <jbacik@fusionio.com>,
Eric Sandeen <sandeen@redhat.com>,
Dave Chinner <dchinner@redhat.com>,
Christoph Hellwig <hch@infradead.org>,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH 8/9] fsfreeze: add vfs ioctl to check freeze state
Date: Thu, 11 Oct 2012 18:26:53 +0200 [thread overview]
Message-ID: <20121011162653.GA18391@quack.suse.cz> (raw)
In-Reply-To: <5074DAB5.6080504@lab.ntt.co.jp>
On Wed 10-10-12 11:17:25, Fernando Luis Vazquez Cao wrote:
> On 2012/10/09 23:55, Jan Kara wrote:
> >On Tue 09-10-12 18:46:26, Fernando Luis Vazquez Cao wrote:
> >>I think that to cover all cases without adding a completely new API we
> >>need to do the following:
> >>
> >>1) Filesystems which are not tied to a block device (virtual
> >> filesystems, NAS, etc):
> >>
> >> As soon as the filesystem is removed from the namespace the
> >> superblock based fsfreeze ioctls become useless; if we let a umount
> >> of a frozen filesystem succeed we would not be able to thaw it (well
> >> we could use emergency thaw but it would be overkill). Since we do
> > Actually, you can always mount the filesystem again (you will essentially
> >just attach the superblock to the namespace again) and thaw the filesystem.
> >So this is not a big issue.
>
> The problem is that we may generate write I/O during the second
> mount. We would need to audit all filesystems (which I am fine
> with if there is a sensible use case).
Most filesystems should be fine as they use mount_bdev() so
foo_fill_super() isn't called in that case. But yes, some filesystems could
in theory do something weird.
> >> not want to break lazy umounts the only viable solution is thawing
> >> the superblock automatically on umount (releasing the active
> >> reference taken in freeze_super() to be more precise).
> > I'm not against this. As you write below, you cannot really thaw
> >freeze coming via block device so you end up with somewhat inconsistent
> >behavior (thaw only freezes by ioctl) but after all freeze of a filesystem
> >and freeze of a block device *are* somewhat different requests so the
> >inconsistency can be justified.
> >
> >Do I get right that when we do this, you won't need ioctls for querying the
> >freeze state?
>
> I would still want the check ioctls. For example, in some cases the
> freeze/unfreeze process is controlled by a daemon which can die
> and with the current API there is no way to check what state
> filesystems where left in (well, we have emergency thaw but thaw
> unfreezes all filesystems which may not be what we want, i.e. overkill).
> I have heard a lot of complaints about this from users.
Well, you're going to find out pretty quickly in what state a filesystem
is :) But I understand that with ioctl() you can produce a sensible
output...
> Virtualization is a special case of this where the freeze of a guest
> filesystem can be initiated from the hypervisor and carried out by
> a guest agent behind the guest's administrator's back.
OK.
> >>2) Block device based filesystems:
> >>
> >> These can be reached through the block device it is sitting on even
> >> if the filesystem was detached from the namespace and have the
> >> particularity that they can be frozen using two different APIs, a
> >> block device level one and the ioctls. When a filesytem was frozen
> >> using the former, which only has in-kernel users such as dm,
> >> automatically thawing the filesystem on umount is arguably too rude
> >> (we can end up breaking the filesystem level consistency of a
> >> storage snapshot). It we care about this, we could modify
> >> sys_umount() so that filesystem is automatically thawed if and only
> >> if there are no block device level freezes active. This behavior
> >> would be consistent with case 1) above (the premise here is that
> >> both fsfreeze and umount are userspace controlled operations and the
> >> administrator should know what it is doing) and is the less likely
> >> to cause surprises to freeze_bdev() users.
> >>
> >> It would also be nice to have a block device level thaw ioctl for
> >> emergency cases (for example, a scenario where thaw_bdev() was not
> >> called and the freeze counter was left in a inconsistent state;
> >> freeze_bdev() and thaw_bdev() are exported symbols and in many cases
> >> we cannot control what external modules do).
> > Umm, I don't know. I'd rather forbid thawing via ioctl when the device is
> >frozen via block device so that should solve possible issues caused by
> >buggy userspace and the rest is a kernel bug - emergency thaw is for
> >that...
>
> That is an approach I myself considered and that I would be ok
> with. I guess I will implement both and let Al decide.
OK.
Honza
--
Jan Kara <jack@suse.cz>
SUSE Labs, CR
next prev parent reply other threads:[~2012-10-11 16:26 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-05 5:24 [PATCH 0/9 v5] fsfreeze: miscellaneous fixes and cleanups Fernando Luis Vázquez Cao
2012-10-05 5:31 ` [PATCH 1/9] vfs: add __iterate_supers() and helpers around it Fernando Luis Vázquez Cao
2012-10-08 13:48 ` Jan Kara
2012-10-05 5:33 ` [PATCH 2/9] fsfreeze: add unlocked version of thaw_super Fernando Luis Vázquez Cao
2012-10-05 5:34 ` [PATCH 3/9] fsfreeze: Prevent emergency thaw from looping infinitely Fernando Luis Vázquez Cao
2012-10-05 5:35 ` [PATCH 4/9] fsfreeze: emergency thaw will deadlock on s_umount Fernando Luis Vázquez Cao
2012-10-08 13:57 ` Jan Kara
2012-10-09 5:07 ` Fernando Luis Vazquez Cao
2012-10-09 8:20 ` Jan Kara
2012-10-09 9:52 ` Fernando Luis Vazquez Cao
2012-10-05 5:38 ` [PATCH 5/9] xfs: switch to using super methods for fsfreeze Fernando Luis Vázquez Cao
2012-10-05 5:39 ` [PATCH 6/9] fsfreeze: move emergency thaw code to fs/super.c Fernando Luis Vázquez Cao
2012-10-05 5:42 ` [PATCH 7/9] fsfreeze: freeze_super and thaw_bdev don't play well together Fernando Luis Vázquez Cao
2012-10-08 14:17 ` Jan Kara
2012-10-05 5:43 ` [PATCH 8/9] fsfreeze: add vfs ioctl to check freeze state Fernando Luis Vázquez Cao
2012-10-08 15:05 ` Jan Kara
2012-10-09 9:46 ` Fernando Luis Vazquez Cao
2012-10-09 14:55 ` Jan Kara
2012-10-10 2:17 ` Fernando Luis Vazquez Cao
2012-10-11 16:26 ` Jan Kara [this message]
2012-10-05 5:44 ` [PATCH 9/9] fsfreeze: add block device " Fernando Luis Vázquez Cao
-- strict thread matches above, loose matches on Subject: below --
2012-09-14 6:43 [RFC, PATCH 0/9 v4] fsfreeze: miscellaneous fixes and cleanups Fernando Luis Vázquez Cao
2012-09-14 6:54 ` [PATCH 8/9] fsfreeze: add vfs ioctl to check freeze state Fernando Luis Vázquez Cao
2012-09-13 10:57 [RFC 0/9 v3] fsfreeze: miscellaneous fixes and cleanups Fernando Luis Vázquez Cao
2012-09-13 11:11 ` [PATCH 8/9] fsfreeze: add vfs ioctl to check freeze state Fernando Luis Vázquez Cao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121011162653.GA18391@quack.suse.cz \
--to=jack@suse.cz \
--cc=dchinner@redhat.com \
--cc=fernando_b1@lab.ntt.co.jp \
--cc=hch@infradead.org \
--cc=jbacik@fusionio.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=sandeen@redhat.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).